crypto/tls: make cipher suite preference ordering automatic

We now have a (well, two, depending on AES hardware support) universal
cipher suite preference order, based on their security and performance.
Peer and application lists are now treated as filters (and AES hardware
support hints) that are applied to this universal order.

This removes a complex and nuanced decision from the application's
responsibilities, one which we are better equipped to make and which
applications usually don't need to have an opinion about. It also lets
us worry less about what suites we support or enable, because we can be
confident that bad ones won't be selected over good ones.

This also moves 3DES suites to InsecureCipherSuites(), even if they are
not disabled by default. Just because we can keep them as a last resort
it doesn't mean they are secure. Thankfully we had not promised that
Insecure means disabled by default.

Notable test changes:

  - TestCipherSuiteCertPreferenceECDSA was testing that we'd pick the
    right certificate regardless of CipherSuite ordering, which is now
    completely ignored, as tested by TestCipherSuitePreference. Removed.

  - The openssl command of TestHandshakeServerExportKeyingMaterial was
    broken for TLS 1.0 in CL 262857, but its golden file was not
    regenerated, so the test kept passing. It now broke because the
    selected suite from the ones in the golden file changed.

  - In TestAESCipherReordering, "server strongly prefers AES-GCM" is
    removed because there is no way for a server to express a strong
    preference anymore; "client prefers AES-GCM and AES-CBC over ChaCha"
    switched to ChaCha20 when the server lacks AES hardware; and finally
    "client supports multiple AES-GCM" changed to always prefer AES-128
    per the universal preference list.

    * this is going back on an explicit decision from CL 262857, and
      while that client order is weird and does suggest a strong dislike
      for ChaCha20, we have a strong dislike for software AES, so it
      didn't feel worth making the logic more complex

  - All Client-* golden files had to be regenerated because the
    ClientHello cipher suites have changed.
    (Even when Config.CipherSuites was limited to one suite, the TLS 1.3
    default order changed.)

Fixes #45430
Fixes #41476 (as 3DES is now always the last resort)

Change-Id: If5f5d356c0f8d1f1c7542fb06644a478d6bad1e5
Reviewed-on: https://go-review.googlesource.com/c/go/+/314609
Run-TryBot: Filippo Valsorda <filippo@golang.org>
TryBot-Result: Go Bot <gobot@golang.org>
Reviewed-by: Roland Shoemaker <roland@golang.org>
Trust: Filippo Valsorda <filippo@golang.org>

testdata/Client-TLSv12-ALPN

@@ -3,10 +3,10 @@
 00000010  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
 00000020  00 00 00 00 00 00 00 00  00 00 00 20 00 00 00 00  |........... ....|
 00000030  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  |................|
-00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a8  |.............2..|
-00000050  cc a9 c0 2f c0 2b c0 30  c0 2c c0 27 c0 13 c0 23  |.../.+.0.,.'...#|
-00000060  c0 09 c0 14 c0 0a 00 9c  00 9d 00 3c 00 2f 00 35  |...........<./.5|
-00000070  c0 12 00 0a 00 05 c0 11  c0 07 13 01 13 03 13 02  |................|
+00000040  00 00 00 00 00 00 00 00  00 00 00 00 00 32 cc a9  |.............2..|
+00000050  cc a8 c0 2b c0 2f c0 2c  c0 30 c0 09 c0 13 c0 0a  |...+./.,.0......|
+00000060  c0 14 00 9c 00 9d 00 2f  00 35 c0 12 00 0a c0 23  |......./.5.....#|
+00000070  c0 27 00 3c c0 07 c0 11  00 05 13 03 13 01 13 02  |.'.<............|
 00000080  01 00 00 8f 00 05 00 05  01 00 00 00 00 00 0a 00  |................|
 00000090  0a 00 08 00 1d 00 17 00  18 00 19 00 0b 00 02 01  |................|
 000000a0  00 00 0d 00 1a 00 18 08  04 04 03 08 07 08 05 08  |................|
@@ -18,11 +18,11 @@
 00000100  bb 29 07 30 ff f6 84 af  c4 cf c2 ed 90 99 5f 58  |.).0.........._X|
 00000110  cb 3b 74                                          |.;t|
 >>> Flow 2 (server to client)
-00000000  16 03 03 00 66 02 00 00  62 03 03 95 14 55 52 0b  |....f...b....UR.|
-00000010  e7 c1 15 6b dc 19 3b 17  9e bb 6a b7 61 82 dc 59  |...k..;...j.a..Y|
-00000020  d3 a4 7c e1 c3 83 cc e2  e5 56 e0 20 3c 82 0d 54  |..|......V. <..T|
-00000030  2b 78 fe 50 cb 4e c1 69  d7 6f b3 9f ac 2e 27 c8  |+x.P.N.i.o....'.|
-00000040  c6 7a 70 27 1e 14 67 43  4c f1 7d d7 cc a8 00 00  |.zp'..gCL.}.....|
+00000000  16 03 03 00 66 02 00 00  62 03 03 2d b3 e1 a8 44  |....f...b..-...D|
+00000010  c6 3e 20 b9 50 49 ab b8  48 c3 bf d6 f3 7b 2e 0a  |.> .PI..H....{..|
+00000020  8c 49 ba e5 8e 54 5e 02  59 01 75 20 f0 a0 60 c2  |.I...T^.Y.u ..`.|
+00000030  81 df 62 f9 f8 7d 3c 3c  ee 1e 0c 1d c2 11 58 7f  |..b..}<<......X.|
+00000040  e0 dc b1 6c 17 9e 19 60  ca c2 40 84 cc a8 00 00  |...l...`..@.....|
 00000050  1a ff 01 00 01 00 00 0b  00 04 03 00 01 02 00 10  |................|
 00000060  00 09 00 07 06 70 72 6f  74 6f 31 16 03 03 02 59  |.....proto1....Y|
 00000070  0b 00 02 55 00 02 52 00  02 4f 30 82 02 4b 30 82  |...U..R..O0..K0.|
@@ -63,31 +63,31 @@
 000002a0  1c f1 0f a1 d8 40 83 61  c9 4c 72 2b 9d ae db 46  |.....@.a.Lr+...F|
 000002b0  06 06 4d f4 c1 b3 3e c0  d1 bd 42 d4 db fe 3d 13  |..M...>...B...=.|
 000002c0  60 84 5c 21 d3 3b e9 fa  e7 16 03 03 00 ac 0c 00  |`.\!.;..........|
-000002d0  00 a8 03 00 1d 20 c3 e3  43 9c 5d 0f 09 61 ae 18  |..... ..C.]..a..|
-000002e0  66 05 b1 7d c1 9f e5 26  9c a7 97 d6 1f 9a 7c ff  |f..}...&......|.|
-000002f0  8c 34 a1 32 a2 35 08 04  00 80 6c 50 a1 80 d9 20  |.4.2.5....lP... |
-00000300  56 08 da d9 5b 77 4d ad  43 66 71 15 ec fe db 02  |V...[wM.Cfq.....|
-00000310  fb 40 d8 8d 67 22 e2 1b  ec 8d b9 4e ba 65 01 8b  |.@..g".....N.e..|
-00000320  70 e0 83 bc 06 1b 14 8f  07 cf a6 08 58 c3 77 94  |p...........X.w.|
-00000330  0f 94 53 62 54 6c 1f 92  22 9d ae f8 5a ad d5 f3  |..SbTl.."...Z...|
-00000340  8a f7 e6 93 8c 0e 48 1b  23 89 d8 bd e9 5c 50 cd  |......H.#....\P.|
-00000350  07 3d 7e 8e b0 d6 65 44  58 62 03 a1 d9 94 72 f0  |.=~...eDXb....r.|
-00000360  25 a9 e0 c1 be ac 32 05  59 f7 7f 6e 13 23 70 5a  |%.....2.Y..n.#pZ|
-00000370  65 ba a2 d7 da 3c a2 9e  6b 13 16 03 03 00 04 0e  |e....<..k.......|
+000002d0  00 a8 03 00 1d 20 7b 47  ec ef 4d 39 ec 65 b9 7c  |..... {G..M9.e.||
+000002e0  08 da b5 41 0d 62 0b 52  29 24 25 3d 39 21 ed d3  |...A.b.R)$%=9!..|
+000002f0  30 37 0c 15 66 49 08 04  00 80 4b 01 8e 80 78 ed  |07..fI....K...x.|
+00000300  d1 44 e5 98 a4 43 9a 73  b7 dc 67 72 83 29 f3 e3  |.D...C.s..gr.)..|
+00000310  5b 72 ee d6 36 12 db bf  ab d6 86 fd a8 54 a5 a0  |[r..6........T..|
+00000320  0e 76 ca ea a7 f5 f2 e1  87 94 a7 c5 d8 69 b7 58  |.v...........i.X|
+00000330  d2 f0 10 08 8c 08 ac bd  aa 60 f5 45 20 15 77 71  |.........`.E .wq|
+00000340  5a bb 2a 8b 0a 4b a3 08  71 88 82 01 3c bc 54 ba  |Z.*..K..q...<.T.|
+00000350  f4 42 7a 08 64 d7 57 5b  dc ea 6a 72 e1 7d ca 96  |.Bz.d.W[..jr.}..|
+00000360  d9 89 eb 60 9e d2 a4 f5  cb d5 45 d1 4d 09 4e 18  |...`......E.M.N.|
+00000370  a2 4f 0f 59 97 a1 5f 7f  65 4f 16 03 03 00 04 0e  |.O.Y.._.eO......|
 00000380  00 00 00                                          |...|
 >>> Flow 3 (client to server)
 00000000  16 03 03 00 25 10 00 00  21 20 2f e5 7d a3 47 cd  |....%...! /.}.G.|
 00000010  62 43 15 28 da ac 5f bb  29 07 30 ff f6 84 af c4  |bC.(.._.).0.....|
 00000020  cf c2 ed 90 99 5f 58 cb  3b 74 14 03 03 00 01 01  |....._X.;t......|
-00000030  16 03 03 00 20 5e 91 45  7d ab 7c b7 6f 57 a6 d0  |.... ^.E}.|.oW..|
-00000040  17 83 cb 40 1b 76 6b 5e  80 39 03 2f 6d 2f 10 8e  |...@.vk^.9./m/..|
-00000050  74 33 12 54 8d                                    |t3.T.|
+00000030  16 03 03 00 20 b9 f7 58  6f d3 29 b8 41 35 06 b7  |.... ..Xo.).A5..|
+00000040  55 85 c1 f0 63 fe 4f 5f  87 01 cc 67 0b f1 4c b4  |U...c.O_...g..L.|
+00000050  ca 92 bd c0 6d                                    |....m|
 >>> Flow 4 (server to client)
-00000000  14 03 03 00 01 01 16 03  03 00 20 f1 3c 7a 28 eb  |.......... .<z(.|
-00000010  0a b1 bf 42 28 de 07 83  76 c6 2c 94 b7 d5 ef f3  |...B(...v.,.....|
-00000020  0b 9c 0c 2e d3 ab 8a a9  03 d2 c0                 |...........|
+00000000  14 03 03 00 01 01 16 03  03 00 20 68 92 93 84 bd  |.......... h....|
+00000010  0e de 33 1b db ca 54 b8  a0 2f 53 c5 76 de d2 c5  |..3...T../S.v...|
+00000020  7a 54 bb db 0c 08 86 79  d2 6c 58                 |zT.....y.lX|
 >>> Flow 5 (client to server)
-00000000  17 03 03 00 16 dc f6 18  54 22 e0 9c 08 bf db a8  |........T"......|
-00000010  62 2a 64 9e 06 43 0f 22  18 0e 34 15 03 03 00 12  |b*d..C."..4.....|
-00000020  20 2f f4 76 cd dc 82 eb  30 f9 e0 42 6b 29 16 ed  | /.v....0..Bk)..|
-00000030  7c f0                                             ||.|
+00000000  17 03 03 00 16 79 38 07  9b be 83 44 9a 3e 11 1a  |.....y8....D.>..|
+00000010  99 2f f2 4e 33 84 0b c7  8e ed c3 15 03 03 00 12  |./.N3...........|
+00000020  ca bd 7e 59 04 8c e0 52  80 1e 56 1e af c1 5f 61  |..~Y...R..V..._a|
+00000030  6c 6a                                             |lj|